Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2a7f51a-c84c-4e35-abaf-ccd73a60f87c.roa
File:                     d2a7f51a-c84c-4e35-abaf-ccd73a60f87c.roa (raw, json)
Hash identifier:          2UiZwJrvuB3Gf9EeZJrp0koJurNpdCCmyDgqjSmZ9lo=
Subject key identifier:   08:3C:B5:FB:90:E6:4A:21:71:EF:07:96:CF:16:BF:3A:FE:BD:27:6B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       668DB4521CEFD9666FDF947A0B1D52B59BA05FEC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2a7f51a-c84c-4e35-abaf-ccd73a60f87c.roa
Signing time:             Sun 02 Nov 2025 00:20:04 +0000
ROA not before:           Sun 02 Nov 2025 00:20:04 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.60.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:8d:b4:52:1c:ef:d9:66:6f:df:94:7a:0b:1d:52:b5:9b:a0:5f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov  2 00:20:04 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=f81e454e22582a632d7806a2b1b0cd65d7316bd2063b5d73ab34fa97cc97c0a7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c6:c5:83:f7:d1:ef:3c:74:ce:c4:6e:01:f7:
                    4e:e8:bf:b7:89:37:3e:dd:52:38:ba:08:5d:43:4a:
                    c3:a9:a9:39:a3:5d:6a:fa:f5:f5:d4:dc:fe:c7:f4:
                    f5:f3:7a:19:44:d1:f4:69:74:32:b8:b0:75:28:87:
                    9c:70:c2:a0:b9:ff:8f:d3:e4:1e:ae:e8:ef:81:d3:
                    c1:79:16:b6:d2:17:ac:b7:8b:77:cf:73:8a:43:9b:
                    fc:88:20:33:9e:62:7c:ad:b4:94:c3:d1:6b:da:6c:
                    40:58:90:5c:51:ff:41:a0:21:d7:bf:b6:14:f3:52:
                    5d:91:11:6e:0b:6e:61:28:b6:68:e2:7f:46:df:b8:
                    ba:4e:ad:7e:c0:a1:b5:01:45:59:67:37:cd:7f:01:
                    35:57:a0:83:7f:e5:35:78:3d:96:79:76:b2:2f:6c:
                    c7:e6:e9:f1:2a:4b:00:12:1e:26:7f:9e:12:c2:60:
                    bf:0e:5b:14:80:39:29:33:fc:ff:b3:29:08:08:b1:
                    6e:d5:23:a3:30:0a:16:67:49:8f:86:f0:fa:03:66:
                    b3:1b:73:6e:d2:58:db:30:13:a4:10:97:26:55:ae:
                    9c:a9:ec:8b:fe:d4:1b:74:f8:b7:64:2c:9d:ce:b8:
                    93:88:12:62:55:cb:fe:52:5e:d5:85:b1:f3:0d:28:
                    4d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3C:B5:FB:90:E6:4A:21:71:EF:07:96:CF:16:BF:3A:FE:BD:27:6B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d2a7f51a-c84c-4e35-abaf-ccd73a60f87c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:e5:9b:1e:e6:36:77:57:4c:e4:0a:c4:aa:a6:24:af:66:27:
         06:de:ed:f9:af:27:b5:4f:2d:c3:ea:09:f9:5e:07:c0:ba:0c:
         9d:e7:4b:b2:28:8e:9a:ad:3c:01:6f:cc:7a:e2:5f:42:a1:55:
         f9:b9:f0:11:14:1f:de:7c:bb:14:16:20:b5:81:7a:72:30:52:
         23:bc:92:7c:5c:a7:a5:43:54:5f:4a:3c:4d:6b:14:f9:76:d6:
         4f:0d:58:33:a1:37:4e:cb:6e:bb:41:12:b0:0e:37:4e:b1:af:
         da:ba:ab:29:34:f7:3c:00:e3:50:92:74:54:fc:13:cb:04:00:
         26:85:87:9f:76:2c:39:c2:d6:bd:e2:c7:3c:cc:bc:92:e4:ba:
         95:e0:68:d9:70:08:a7:d1:c1:0c:8f:34:69:51:64:1f:08:43:
         e8:39:07:82:90:d9:f1:b5:ee:24:db:0f:fa:24:10:dd:bd:46:
         89:41:47:9a:7d:7b:c3:44:de:c1:7e:28:7d:4d:8e:46:39:66:
         62:57:59:3e:30:ab:1e:e1:15:00:c7:25:cf:1a:b3:68:9e:2b:
         3a:3b:ee:98:aa:51:a0:17:36:cb:51:e6:00:8d:46:2a:d7:69:
         fb:90:88:fe:de:5a:5d:f9:c6:4f:16:a4:d2:c0:95:0b:f0:de:
         51:c4:08:21
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZo20Uhzv2WZv35R6Cx1StZugX+wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMTAyMDAyMDA0WhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmODFlNDU0ZTIyNTgyYTYzMmQ3ODA2YTJiMWIwY2Q2NWQ3
MzE2YmQyMDYzYjVkNzNhYjM0ZmE5N2NjOTdjMGE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoxsWD99HvPHTOxG4B907ov7eJNz7dUji6CF1DSsOpqTmj
XWr69fXU3P7H9PXzehlE0fRpdDK4sHUoh5xwwqC5/4/T5B6u6O+B08F5FrbSF6y3
i3fPc4pDm/yIIDOeYnyttJTD0WvabEBYkFxR/0GgIde/thTzUl2REW4LbmEotmji
f0bfuLpOrX7AobUBRVlnN81/ATVXoIN/5TV4PZZ5drIvbMfm6fEqSwASHiZ/nhLC
YL8OWxSAOSkz/P+zKQgIsW7VI6MwChZnSY+G8PoDZrMbc27SWNswE6QQlyZVrpyp
7Iv+1Bt0+LdkLJ3OuJOIEmJVy/5SXtWFsfMNKE1hAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCDy1+5DmSiFx7weWzxa/Ov69J2swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyYTdmNTFhLWM4NGMtNGUzNS1hYmFmLWNjZDczYTYwZjg3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQPDANBgkqhkiG9w0BAQsFAAOCAQEAAuWbHuY2d1dM5ArEqqYkr2YnBt7t
+a8ntU8tw+oJ+V4HwLoMnedLsiiOmq08AW/MeuJfQqFV+bnwERQf3ny7FBYgtYF6
cjBSI7ySfFynpUNUX0o8TWsU+XbWTw1YM6E3Tstuu0ESsA43TrGv2rqrKTT3PADj
UJJ0VPwTywQAJoWHn3YsOcLWveLHPMy8kuS6leBo2XAIp9HBDI80aVFkHwhD6DkH
gpDZ8bXuJNsP+iQQ3b1GiUFHmn17w0TewX4ofU2ORjlmYldZPjCrHuEVAMclzxqz
aJ4rOjvumKpRoBc2y1HmAI1GKtdp+5CI/t5aXfnGTxak0sCVC/DeUcQIIQ==
-----END CERTIFICATE-----